What is the severity of CVE-2021-41186?

CVE-2021-41186 has a medium severity rating due to its potential to cause denial of service.

How do I fix CVE-2021-41186?

To fix CVE-2021-41186, you should upgrade Fluentd to a version later than 1.14.1.

What specific versions of Fluentd are affected by CVE-2021-41186?

CVE-2021-41186 affects Fluentd versions from 0.14.14 to 1.14.1.

What is the nature of the vulnerability in CVE-2021-41186?

The vulnerability in CVE-2021-41186 is a regular expression denial of service (ReDoS) caused by a broken apache log.

What components are impacted by CVE-2021-41186?

CVE-2021-41186 specifically impacts the parser_apache2 plugin in Fluentd.

Vulnerability/
CVE-2021-41186

high

7.5

CWE

400

29/10/2021

21/11/2024

CVE-2021-41186: ReDoS vulnerability in parser_apache2

First published: Fri Oct 29 2021(Updated: )

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Cogent Datahub	>=0.14.14<=1.14.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-41186?
CVE-2021-41186 has a medium severity rating due to its potential to cause denial of service.
How do I fix CVE-2021-41186?
To fix CVE-2021-41186, you should upgrade Fluentd to a version later than 1.14.1.
What specific versions of Fluentd are affected by CVE-2021-41186?
CVE-2021-41186 affects Fluentd versions from 0.14.14 to 1.14.1.
What is the nature of the vulnerability in CVE-2021-41186?
The vulnerability in CVE-2021-41186 is a regular expression denial of service (ReDoS) caused by a broken apache log.
What components are impacted by CVE-2021-41186?
CVE-2021-41186 specifically impacts the parser_apache2 plugin in Fluentd.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/weakness
agent/title
agent/description
agent/first-publish-date
agent/last-modified-date
agent/author
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/fluentd
canonical/cogent datahub
version/cogent datahub/0.14.14
version/cogent datahub/1.14.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.